Server2000, IAS PEAP cannot find certificate
Last response: in Wireless Networking
Archived from groups: microsoft.public.windows.networking.wireless (More info?)
Hi,
I'm having problems configuring a Windows 2000 Server IAS for PEAP.
Whenever I click the "Configuration" button to configure PEAP when
configuring the remote access policy, I get the error "A certificate
could not be found that can be used with the Extensible Authentication
Protocol".
Now I have tried installing a number of certificates into the machine
local store (with the corresponding CA certificate in the Trusted Root
CAs store) to no avail.
I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
of the certificate. All certificates have the correct Server Auth OID
in the EKU. The certificates have been imported with make private keys
exportable checked.
I have tried this with a test Server 2003 box and this works fine
(which incidentally does not seem to check the content of the CN
field). And I have exported good certificates with their private keys
from this box to the 2000 box and these don't work either.
I have also tried the process detailed in the MS Knowledge Base article
295663 (How to import third-party certification authority (CA)
certificates into the Enterprise NTAuth store) and this doesn't help
either.
How can I find out what IAS does not like about my certificates?
thanks,
Andy
Hi,
I'm having problems configuring a Windows 2000 Server IAS for PEAP.
Whenever I click the "Configuration" button to configure PEAP when
configuring the remote access policy, I get the error "A certificate
could not be found that can be used with the Extensible Authentication
Protocol".
Now I have tried installing a number of certificates into the machine
local store (with the corresponding CA certificate in the Trusted Root
CAs store) to no avail.
I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
of the certificate. All certificates have the correct Server Auth OID
in the EKU. The certificates have been imported with make private keys
exportable checked.
I have tried this with a test Server 2003 box and this works fine
(which incidentally does not seem to check the content of the CN
field). And I have exported good certificates with their private keys
from this box to the 2000 box and these don't work either.
I have also tried the process detailed in the MS Knowledge Base article
295663 (How to import third-party certification authority (CA)
certificates into the Enterprise NTAuth store) and this doesn't help
either.
How can I find out what IAS does not like about my certificates?
thanks,
Andy
More about : server2000 ias peap find certificate
Archived from groups: microsoft.public.windows.networking.wireless (More info?)
Try looking here
http://www.microsoft.com/technet/prodtechnol/windowsser...
You've covered the server OID in the EKU. Check the section on server
requirements. Verify the CSP and SAN. Those are often overlooked.
What certificate template are you using? Does the CRL chain correctly?
Hopefully that helps.
--
Mark Gamache
Certified Security Solutions
http://www.css-security.com
<andrew.juniper@red-m.com> wrote in message
news:1121433968.273422.273540@g44g2000cwa.googlegroups.com...
> Hi,
>
> I'm having problems configuring a Windows 2000 Server IAS for PEAP.
>
> Whenever I click the "Configuration" button to configure PEAP when
> configuring the remote access policy, I get the error "A certificate
> could not be found that can be used with the Extensible Authentication
> Protocol".
>
> Now I have tried installing a number of certificates into the machine
> local store (with the corresponding CA certificate in the Trusted Root
> CAs store) to no avail.
>
> I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
> of the certificate. All certificates have the correct Server Auth OID
> in the EKU. The certificates have been imported with make private keys
> exportable checked.
>
> I have tried this with a test Server 2003 box and this works fine
> (which incidentally does not seem to check the content of the CN
> field). And I have exported good certificates with their private keys
> from this box to the 2000 box and these don't work either.
>
> I have also tried the process detailed in the MS Knowledge Base article
> 295663 (How to import third-party certification authority (CA)
> certificates into the Enterprise NTAuth store) and this doesn't help
> either.
>
> How can I find out what IAS does not like about my certificates?
>
> thanks,
> Andy
>
Try looking here
http://www.microsoft.com/technet/prodtechnol/windowsser...
You've covered the server OID in the EKU. Check the section on server
requirements. Verify the CSP and SAN. Those are often overlooked.
What certificate template are you using? Does the CRL chain correctly?
Hopefully that helps.
--
Mark Gamache
Certified Security Solutions
http://www.css-security.com
<andrew.juniper@red-m.com> wrote in message
news:1121433968.273422.273540@g44g2000cwa.googlegroups.com...
> Hi,
>
> I'm having problems configuring a Windows 2000 Server IAS for PEAP.
>
> Whenever I click the "Configuration" button to configure PEAP when
> configuring the remote access policy, I get the error "A certificate
> could not be found that can be used with the Extensible Authentication
> Protocol".
>
> Now I have tried installing a number of certificates into the machine
> local store (with the corresponding CA certificate in the Trusted Root
> CAs store) to no avail.
>
> I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
> of the certificate. All certificates have the correct Server Auth OID
> in the EKU. The certificates have been imported with make private keys
> exportable checked.
>
> I have tried this with a test Server 2003 box and this works fine
> (which incidentally does not seem to check the content of the CN
> field). And I have exported good certificates with their private keys
> from this box to the 2000 box and these don't work either.
>
> I have also tried the process detailed in the MS Knowledge Base article
> 295663 (How to import third-party certification authority (CA)
> certificates into the Enterprise NTAuth store) and this doesn't help
> either.
>
> How can I find out what IAS does not like about my certificates?
>
> thanks,
> Andy
>
Related ressources:
- ForumPEAP /MSCHAPV2 need server certificate ??
- ForumIAS EAP-TLS Certificate Error
- Forum802.1x authentication issues.
- ForumEnterprise CA and RADIUS authentication
- ForumIAS fails with certs from Stand Alone CA
- ForumAttn. MVPs/MSFT - Q: different authentication methods for ..
- ForumWireless LAN in a big city + networking question
- ForumWireless Login help please
- ForumDoesn't anyone Know anything about roaming?
- ForumGP Logon Script Fails on Wireless XP Clients
- ForumWireless connectivity issues post SP2
- ForumWireless Authentication via AD?
- ForumHow do I login to domain with USB network adapter?
- ForumHow-to configure access point and client to support 802.1X?
- ForumYo boB.. some ultralight questions
- ForumWireless and Windows roaming profiles
- ForumVerizon Modem into Router
- ForumCannot share printer or files but have wireless internet
- ForumCannot Disable SSID on BEFW11S4 Ver 4 with WPA Pre-Share KEY
- ForumCannot log on to wireless router
- More resources
Read discussions in other Wireless Networking categories
!
